RISK IN SIGHT NEWSLETTER
Welcome to the first issue of Risk in Sight, brought to you by Napa River Insurance Services, Inc.TM in partnership with Hudson Insurance Group. This newsletter will provide you, our valued transportation clients, with information about best practices, industry updates, company news and other information that will help enhance your business. Risk in Sight will also feature our risk and safety supplementary services. Most notably is our 24-hour risk management and safety support via an intuitive web-based portal, the Risk Management Center (RMC) in partnership with Succeed®. Some of the portal’s features include:
- Access to best practice recommendations, safety programs and a library with templates for policy and procedure development
- The ability to train employees online by scheduling web-based programs which track and offer certificates of completion
- An incident reporting and tracking function for clients to monitor and report on risk and quality outcomes, including the ability to develop customized reports
- The capability to construct a customized dashboard to establish and rank meaningful metrics and/or to establish benchmarking metrics or analytics.
We realize the industry faces an ever-changing set of challenges and opportunities, and we strive to be ahead of the curve to help ensure you are ready for whatever challenges your business may face. This newsletter is a testament to our resolve to keep abreast of new industry developments and to continually examine how we can improve our offerings to best
meet your needs.
Thank you for your business.
About Napa River
Napa River Insurance Services, Inc. is a California domiciled premier third-party administrator that provides the following services in the fleet trucking market:
Claim Services: We handle claims for clients who choose to outsource their Self-Insured Retention (SIR) claims. Each client is assigned a specialist who becomes their single point of contact on all matters. Your contact will work directly with you to ensure a clear understanding of your claim goals and will map out a specific plan to help you achieve them.
Our team has handled and resolved thousands of transportation claims, so we truly understand the trucking industry and the particular challenges it faces. We understand claims become more expensive the longer they remain open, and a reduction in the number of open claims directly affects the level of collateral required. To that end, we aim to close claims as efficiently as possible while securing the most favorable outcome.
We take a comprehensive approach to transportation claims, providing a unique blend of expertise, responsive and personalized service, and innovative programs and technology including:
- A single source of claims contact who knows and understands your claims goals • Managed claims within SIR from start to finish
- FileHandler™, our state-of-the-art claims system with online real-time access to all claims documents, financials and loss reports
- 24/7 engagement of our experienced claims personnel for any claim emergency needs
- State and federal claims reporting on Medicare, OFAC, SIU, ISO-Index and child support liens • Nationwide access to claims vendors with pre-negotiated reduced rates
- Legal monitoring and bill review
- Excess carrier claim reporting
Risk Management Services:
Since the first dollar of loss is within a client’s SIR, we provide risk management services to help protect your capital at the earliest opportunity. Our specialists will provide unique, tailored solutions that promote a culture of safety.
We understand that prevention is key. Our objectives are to help identify and avoid problems before they happen, improve driver retention and build a risk management culture that minimizes the overall cost of risk, which ultimately protects your capital and boosts your bottom line.
Our broad array of services includes:
- Safety, Compliance and Risk Management
- Assessments and Consulting Driver Recruiting Improvement Strategies
- Driver Care Frontline Staff Training
- Driver Retention Programs
- Evaluation and Design of Safety Incentive/Award Programs • Loss Experience and Cost of Risk Analysis
- DOT Audit Preparatory Evaluation
- Ongoing Remedial Driver Training Design and Implementation
- Design and Implementation of Entry Level Driver Training Programs
Additionally, we provide clients access to our robust Risk Management Center (RMC), powered by Succeed®. The RMC is our learning, risk management platform and online resource that provides a wealth of information and effective tools.
We take our obligation to bring real value and effective solutions quite seriously. We are honored to have you place your trust in us, and want to exceed your expectations whenever possible. Choosing a business partner is a critical decision and, like you, we take great pride in whom we work with. Thus, our team extends a heartfelt THANK YOU for choosing us as your claims and risk and safety partner.
Hudson Commercial Auto
Hudson Insurance Group is a leading provider of commercial automobile insurance, offering its products through agents, brokers and program administrators across the U.S. Operating out of Indianapolis, our team has been serving the trucking industry since 1995.
From vans, pick-ups and fleets to heavy haul, tandem and specialized trucking, we offer clients access to best-in-class expertise from a team that is focused on helping them meet risk management objectives, protect capital and minimize the cost of risk. To meet this need, Hudson offers an Excess Indemnity Contract (EIC) that sits above a Self-Insured Retention (SIR). The SIR is determined by the size and criteria of each client, with the goal of customizing coverage and risk-sharing that fit specific needs.
Hudson also offers a MCS-82 Surety Bond, which is independent of the EIC and satisfies the motor carrier’s financial responsibility requirement with the Federal Motor Carrier Safety Administration. For those carriers utilizing Independent Contractors, Hudson can also provide Non-Trucking Liability, Physical Damage, Occupational Accident, Contingent Liability and other ancillary products. Meanwhile, our third-party administrator, Napa River Insurance Services, Inc., provides risk management and claims handling services to insureds.
Hudson has a solid foundation in the trucking industry rooted in our deep industry knowledge, longevity within the transportation market, our financial security and, most importantly, our strong client relationships. We also understand that a one-size-fits-all approach seldom works. Sharing best practices is important, but even more so is adapting them to meet your specific needs. By providing you with excellent service, we proactively seek to preserve our partnership and, where possible, strengthen it.
For more information about our products, please visit us at husdoninsgroup.com/fleet.htm.
The Key to Our Claim Philosophy: Communication
While some of you may have heard this before, I want to reiterate a message of great importance — our claim philosophy. The cornerstone of our philosophy is communication, and our execution of this philosophy is what truly defines us and separates us from our peers.
Throughout the entire life of the claim, we continuously communicate the status of the claim. Once a claim is established, the file contents will be available 24/7 for review. Through FileHandler™, our state-of-the-art claim system, you will see adjuster notes, correspondence generated, documentation obtained and financials posted to that file. The financials are reflected in real time, allowing you to obtain standard and/or tailored financial loss runs and reports any time you desire. The adjuster assigned to your account will provide you updates upon the progression of the claim to avoid any surprises along the way.
Our methods help ensure collaborative claim handling through file closure and truly exemplify the value and respect we have for you — our clients.
Coming Soon! Visit our new website at napariverinsurance.com! Camera Installation: Do Benefits Outweigh Concerns?
Stephen M. Philleo, J.D., Director of TPA Claim Operations
Clients often ask our advice regarding camera installation on units, since many worry that the benefits may not outweigh their concerns. To clarify our perspective, we list below two of the most commonly raised questions, along with our responses:
Are cameras worth the cost?
From a risk management perspective, the benefits very often outweigh the costs. If even one claim can be denied through evidence from a camera, the costs can be easily offset. A recent example supporting this view comes from one of our clients involved in an accident where liability initially appeared to be indeterminate. After reviewing a unit camera recording that filmed the incident, the county police sergeant advised our client:
“This video was the critical piece of evidence in my investigation to determine your driver was not at fault and he will be listed as driver #2 (on the police report). The other driver has been determined to be at fault and will be listed as driver #1. Without this video, I would not have been able to determine the at-fault driver due to differing testimony. Basically, we wish every transportation company would equip their tractors with a video like you had, as it made our investigation result very clear.”
Without the unit recording, we would not have had the unquestionable evidence leading to such a prompt resolution.
What if the camera captures something incriminating or harmful?
If the camera captures facts that could have adverse effects on our client, it is better to know and acknowledge those facts upfront so that we can be proactive in our settlement efforts. If, on the other hand, we do not learn the true facts of the case until suit discovery, the claim may remain open longer due to unnecessary litigation, thus resulting in a more costly resolution.
Bottom line: we believe cameras should be installed in every unit. The cost of installation can be easily offset by the one claim that is not paid. Additionally, cameras help in the discovery of the true facts — good or bad — so the claim can be resolved in a timely, cost-effective manner.
Comprehensive Risk Management, Employee Safety and Compliance Platform
Help protect your company with the Hudson Risk Management Center (RMC), a unique web-based software suite of safety and risk management tools designed to empower your organization’s risk prevention efforts.
The RMC allows you to reduce risk and enable employee safety by creating effective risk mitigation programs. It is easy to access and use, and provides a cost-effective risk reduction and safety center for your entire organization across all departments and locations.
Efficient, Cost-Effective and Time-Saving Solutions
The RMC is right for any organization that wants to proactively manage their risk exposures and develop effective workplace safety programs to reduce claims, losses, and associated costs. It enables employers to:
- Meet OSHA hazard communication requirements
- Access a best-practices safety library
- Train employees efficiently and effectively
- Build a behavior-based safety program
- Manage certificates of insurance to limit liability
- Create job descriptions and modified duty programs Benefits at a Glance
- Used by over 45,000 organizations worldwide
- Comprehensive risk management platform eliminates the need for multiple programs
- Easy access through web-based application
- Complete library of safety and risk management materials based on industry best practices
- The tools for a true behavior-based safety program
- Comply with regulatory requirements
- Improve profitability through reduced costs and increased productivity
- No internal development or maintenance costs
A Holistic Solution to Manage Risk, Control Loss and Improve Compliance
Click an item below to view a short video for more information.
ONLINE TRAINING LIBRARY
Multitude of bilingual PowerPoints, policies and training shorts
CERTIFICATE OF INSURANCE MANAGEMENT
Manage your COIs to control liability and risk
HR & BENEFITS DATABASE
Resources and handbooks for all 50 states
BEHAVIOR-BASED SAFETY PROGRAMS
Build behavior-based safety programs with job hazard analyses
INCIDENT TRACKING/TRENDING AND CLAIMS REPORTING
Trend incidents, report claims, print OSHA logs
JOB DESCRIPTION TRACKING
Access a pre-loaded library of comprehensive job descriptions; create modified duty assignments
SAFETY DATA SHEET MANAGEMENT
Be compliant with OSHA hazardous material standards and the new globally harmonized system
EMPLOYEE TRAINING MANAGEMENT
Automate scheduling and reporting using our online training
Have your risk and compliance programs managed by Succeed
Steps to Elevating Your Safety & Risk Management Program
Our safety and risk management articles will focus on ways to improve your overall safety and risk management program. While subsequent articles will address the use of technology and the role it can play in improving driver performance and mitigating risk, this article will spotlight the cultural aspects of continuous improvement.
Quest for the Next Level
The search for how to take a safety and risk management program to the “next level” can sometimes lead to great frustration, since there is no silver bullet, singular idea or solution to help reach this mystical place. To reach this goal, we must first recognize the biggest obstacle — distraction, otherwise known as the “silent killer.” Based on our years of experience in the trucking industry, we understand the majority of large losses have a root cause that often includes some type of driver distraction. Even seemingly minor distractions can make the difference in a driver safely negotiating potential problems or becoming involved in an accident, and these distractions can come in many forms. Common distractions for professional drivers can include personal problems, such as family or money-related issues, as well as interaction with frontline employees (including dispatchers, operations personnel, mechanics and even payroll and HR personnel). Drivers can also be distracted by situations with customers or by other drivers on the road.
Slaying the Dragon: Combating Distractions
In our quest to reach the next level, we often lose sight that the most basic starting point for improvement may be easily within reach — the people and culture within the organization. In trucking, one of the leading causes of driver turnover is displeasure with a member of management or support staff. Additionally, those on the front line, on whom the driver depends, can be a source of frustration and lead to distraction on the road. Moreover, it is those same people — with which the driver has the most interaction—that may be the key in helping identify and combat distraction. Through day-to-day interaction, frontline personnel get to know the driver and in the process have the opportunity to gain insight to specific situations in a driver’s life, learn to recognize when he or she is showing signs of behavioral changes that could lead to distraction, and can step in to provide any assistance they might need.
Frontline personnel are key links between the company and the driver.
Driver environment plays a major role in mitigation of risks.
Steps to Victory: Reaching the Next Level
- In order to create a better safety and risk management culture, an organization must start to educate everyone that touches a driver. Operations and frontline personnel, who have direct contact with the driver, are an obvious place to start. However, we must go deeper into the entire organization and include anyone that may interact either directly or indirectly with the driver and has the potential to recognize or be a source of distraction.
- Recognizing Risk. Years ago, the vast majority of dispatchers and other frontline personnel had been drivers at one point in their career, and they had firsthand knowledge of the challenges drivers face every day. Today, former drivers are indeed the minority in frontline supervisory and support positions. Many of these individuals have never even been in a truck, let alone have intimate knowledge of driver challenges. Thus, personnel must be trained to recognize risk so they can then try to mitigate it. They must know how to better listen to the driver in order to pick up on the signs of behavioral change or possible distractions. Of equal importance is spending more time with drivers in order to learn about possible issues that may negatively affect them. With the introduction of more technology, recognizing risk may become problematic as more and more interaction with drivers takes place via an in-cab screen and less time is spent in person.
- Building Infrastructure & a Culture of Safety. Training is not enough. Organizations must also have the infrastructure in place to address concerns that may be identified. The first time a potential issue is not taken seriously will be the last time that individual comes to management with possible concerns. Oftentimes solutions may be very simple; however, the organization must also be committed to addressing the more challenging issues. Forming an improvement working group that regularly convenes to discuss issues and resolutions is one example of how to address challenges. Participants should represent various areas and levels across the organization to help ensure all perspectives are considered. Discussing past issues will also help lead to proactive measures that may avoid similar problems down the road.
Drivers are the lifeblood of the transportation industry, yet we accept high turnover and driver shortages as the simple reality of trucking. We shouldn’t. We should build a culture that is respectful and mindful of the driver and for that matter, everyone within the organization. Individuals must take responsibility for their own actions, and have an interest in the success of others and the organization as a whole. The organization that has achieved that next level is one that knows and respects the value and sacrifices of the driver and those they leave behind each week. In better addressing issues that cause driver distractions, organizations will see improvement in driver retention, as well as reduction in potential risk. By creating this culture, organizations can take a giant leap ahead to reach the NEXT LEVEL.
Our Driver Care Program, a value- added feature of our insurance program, aims to improve driver retention. Cyber Liability:
Today’s Rapidly Growing Risk
This is the first article in a series. This part discusses the scope of “cyber liability” and the fact it is not limited to online networks or to the mere theft of sensitive information. Future articles are: • Part Two: Ways Your Organization Can Be Harmed • Part Three: Limiting Exposure through Preventive Measures • Part Four: Preparing for the Time When Preventive Measures Fail
PART ONE: What is Cyber Liability?
Cyber Liability can mean different things to different people, but we will define it as the risk associated with conducting business online, over other electronic networks or utilizing electronic storage technology. You don’t have to be a large business, or one that conducts business online, in order to have cyber exposure. Almost every business has at least one computer, and if you have a computer, there is a pretty good chance that it is equipped to connect to the internet. Even small businesses utilize third-party service providers for hosting e-mail, billing, payroll and a wide variety of other functions. Cloud-hosted applications and storage have become commonplace. Almost no business, big or small, is immune from cyber exposure. Large companies have long been targeted for their treasure troves of information; now small companies are targeted because they are seen as vulnerable prey.
The healthcare industry, more regulated than many, faces unique risks. Legislation such as HIPAA, HiTech and the Health Information Privacy and Security Act impose very specific requirements and include fines and penalties that can be very substantial. The cost of healthcare breaches is roughly double that of retailer breaches and 50% higher than financial institution breaches.
The primary driver of the excess costs is regulatory compliance, and associated fines and penalties. Medical records command a much higher price on the black market — as much as 10 times what credit card information brings. Medical information can be used to create false identities to obtain medical devices or drugs for resale, as well as to file false medical claims. Medical fraud can take months or even years to detect, whereas payment card fraud is typically discovered after a single billing statement. Medical organizations have extremely high volumes of valuable personal information. That fact, combined with reliance on multiple vendors and partners across multiple networks, increases vulnerability. You are only as secure as your weakest link.
Much has been made over the past couple of years about “The internet of Things.” Refrigerators and home thermostats are connected to the internet to allow us to monitor them as well as to report to the manufacturer on the device or equipment’s own operational performance. Medical devices are no exception. There has been much discussion of how insulin pumps and pacemakers could be targeted; certainly healthcare facility equipment would be at risk as well. If your refrigerator were hacked, your milk might go bad or you could lose a few prime steaks. Access to medical equipment could be life-threatening.
There are a wide variety of third-party and first-party losses that can occur as a result of a cyber attack. Third-party losses are those suffered by others, whether as a result of an attack on the provider’s network or by other loss of control of information, which could be as simple as loss of a backup drive or the theft of a laptop. First-party losses are expenses that the provider incurs as a result of the attack on their system or a loss of control over sensitive information.
Third-party claims based on third-party losses are often expressed in lawsuits. The lawsuits may be based on a number of types of loss, including injury to reputation or financial loss due to public distribution of private information. Legal fees in third-party claims can be substantial, and some claims can take the form of class actions. There are many different types of first-party losses that can occur; here are some of the types most commonly encountered:
- Notification expenses are costs incurred to notify affected parties that their personal information has been compromised. Whether or not notification is required depends on the nature of the breach and which federal and state regulations are involved.
- Credit monitoring expenses are the costs to provide affected parties with the ability to monitor their credit to help identify any abnormal or unauthorized activities. The period typically ranges from one to three years, depending on the nature of the breach and which federal and state regulations are applicable.
- Credit/identity restoration expenses are a newer first-party component that takes monitoring a step further. When a compromise occurs and an individual’s information is actually used in an identity theft crime, the provider may have to pay costs associated with restoring the affected individual to pre-breach status. That can involve legal fees as well as lots of wrangling with credit bureaus, retailers or service providers.
- Forensic costs to hire experts to determine the nature and scope of the intrusion or loss of information, or to try to stop an assault on the company’s information control and computing capabilities.
- Legal costs to guide a provider through the maze of regulations and risks that may be relevant.
- Cyber extortion, where hackers demand ransom payments in order to return control of a network or access to sensitive data.
- Loss of money through unauthorized wires or ACH transfers by an unauthorized party who obtained access or who used false pretenses to induce others to act. Regulatory fines and penalties imposed by federal and state regulations may be applicable based on the nature of an incident or compromise. Most providers accept credit/ debit cards as a form of payment, so they are therefore subjected to Payment Card Industry (“PCI”) compliance. If payment card information is compromised in a breach, the resulting fines and penalties can be substantial.
- Business interruption loss, if a cyber attack shut down or impaired your network for a period of time and the organization was not able to generate revenue or incurred additional costs to do so.
- Public relations (PR) costs to help manage or prevent fall-out from the event when it is substantially publicized and may harm the company. In some cases, this may be as simple as assistance with press releases; however, depending on the severity of the event, it could be broader in scope and include targeted ads in publications and television. The motivation for incurring PR expenses is to mitigate reputational loss. Components of reputational loss include damage to the provider’s brand/status in the community that it services. A provider may lose patients.
- If publicly traded, there may be loss of share price value. It is difficult to quantify an exact price tag associated with this type of loss, but it undeniably exists.
When we defined cyber liability, we focused on the internet, other electronic networks and electronic storage technology. Let’s discuss some key touchpoints within that framework. Network servers form the backbone of the healthcare provider’s system, so they are always a prime target. Criminals can figure out what types of hardware and software are being used with minimal effort and use that information to attempt to exploit known weaknesses.
Patient portals and Electronic Medical Records (EMRs) may exist on a provider’s own server or may be hosted by a third party. Portals and EMRs contain extremely valuable personal health information and are very attractive targets.
Vendors/business partners that have access to any part of the provider’s network present a significant exposure. Hackers gained access in the massive Target Corporation data breach through what was supposed to be limited access provided to an HVAC contractor.
With the major push into EMRs, providers are increasingly using mobile devices such as laptops, tablets and phones in the course of providing care. The more peripheral devices you add to a network, the more entry points you create. The WiFi connection for each device represents a potential point of entry for a hacker.
External drives are widely used for back-ups and disaster recovery. They are also often used when paper files are converted to digital. Storage and disposition of the old paper files are not online and are not something you think of as cyber-related but are nonetheless a source of significant liability if they are not protected and disposed of properly.
This completes our review of “What is Cyber Liability?” In our next issue, we will discuss the ways in which your organization can be harmed.
The information contained in this publication is provided for informational purposes only and is not provided as a substitute for advice from legal counsel regarding the content or interpretation of any law, regulation or rule. The information provided shall not revise, supplement or alter an insurance policy in any manner, nor is it intended as a substitute for advice from a risk management expert or legal counsel you may retain for your own purposes.
©2017 Napa River Insurance Services, Inc.